This Privacy Policy explains how LuckyWins Casino (“LuckyWins Casino”, “we”, “us”, “our”) collects, uses, stores, shares and protects personal data of users (“you”, “your”, “player”) when you access or use our website, products and services (collectively, the “Services”). By using the Services, you acknowledge that you have read and understood this Privacy Policy and agree to the processing of your personal data as described herein, in accordance with applicable data protection laws.
1. Data Controller and Contact Details
The data controller responsible for processing your personal data is LuckyWins Casino, operating the online casino brand and associated Services. If you have any questions, requests or concerns regarding this Privacy Policy or the processing of your personal data, you may contact our data protection representative via the contact form or email address provided on the website under the “Contact” or “Support” sections.
2. Categories of Personal Data We Collect
We may collect and process the following categories of personal data when you use our Services: (a) Identification data: full name, date of birth, gender, country of residence, and copies of identity documents where required for verification; (b) Contact data: email address, telephone number, residential address and communication preferences; (c) Account data: username, encrypted password, security questions, account settings and communication history; (d) Financial and transaction data: payment card details (processed via secure payment providers), bank account information, e-wallet identifiers, deposits, withdrawals, betting history, wins, losses and bonus usage; (e) Technical data: IP address, device identifiers, browser type and version, operating system, time zone settings, and other technical information collected through cookies and similar technologies; (f) Usage data: information about how you interact with our website and Services, including pages visited, session duration, referral sources and in-game activity; (g) Compliance and risk data: information collected for anti-money laundering (AML), counter-terrorist financing (CTF), fraud prevention, responsible gambling and regulatory reporting, including results of identity checks and sanctions screening.
3. Legal Bases for Processing
We process your personal data only where we have a valid legal basis to do so under applicable data protection laws. Depending on the specific processing activity, we may rely on the following legal bases: (a) Performance of a contract: to provide and manage your player account, process transactions and deliver the Services you request; (b) Legal obligations: to comply with regulatory, AML, CTF, responsible gambling, tax and accounting obligations imposed by relevant authorities; (c) Legitimate interests: to maintain the security and integrity of our Services, prevent abuse, improve our products, conduct analytics and protect our legal rights, provided that such interests are not overridden by your rights and freedoms; (d) Consent: where required by law, for example for certain marketing communications or non-essential cookies. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
4. Purposes of Data Processing
We process your personal data for the following purposes: (a) Account registration and management: to create, verify and maintain your player account, including authentication and password recovery; (b) Provision of Services: to enable participation in casino games, process deposits and withdrawals, manage bonuses, and provide customer support; (c) Compliance and risk management: to conduct identity verification, age verification, AML and CTF checks, fraud detection, responsible gambling monitoring and reporting to competent authorities where required; (d) Service improvement: to analyze performance, user behavior and technical issues in order to maintain, optimize and develop our website and Services; (e) Communication: to send transactional messages, security alerts, service updates and, where permitted, marketing communications related to our Services; (f) Security: to ensure the security of our systems, prevent unauthorized access, detect and mitigate cyber threats and protect against misuse of the Services; (g) Legal claims: to establish, exercise or defend legal claims in connection with our operations.
5. Cookies and Similar Technologies
We use cookies and similar tracking technologies to ensure the proper functioning of our website, enhance user experience, analyze performance and, where permitted, for marketing and personalization. Cookies are small text files stored on your device by your browser. You may manage or disable cookies through your browser settings; however, some cookies are strictly necessary for the operation of the website and disabling them may affect the availability or functionality of certain features. Where required by applicable law, we will request your consent before placing non-essential cookies on your device.
6. Data Sharing and Recipients
We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and subject to appropriate contractual and security safeguards: (a) Group entities and service providers: companies that provide hosting, payment processing, identity verification, customer support, analytics, IT maintenance and other operational services; (b) Regulatory and governmental authorities: licensing bodies, financial intelligence units, tax authorities and other public authorities where required by law or regulatory obligations; (c) Business partners: game providers and other partners involved in the provision of the Services, to the extent necessary to operate games and related features; (d) Professional advisers: legal, financial, compliance and audit professionals assisting us in fulfilling our legal and regulatory obligations; (e) Third parties in corporate transactions: in the context of a merger, acquisition, reorganization or sale of assets, subject to appropriate confidentiality and data protection measures.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including jurisdictions that may not provide the same level of data protection as your home jurisdiction. Where required by applicable law, we implement appropriate safeguards for such transfers, such as standard contractual clauses approved by competent authorities or equivalent mechanisms, and we ensure that recipients provide adequate protection for your personal data.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory requirements, to resolve disputes and to enforce our agreements. Retention periods may vary depending on the type of data and applicable legal obligations, including AML and gambling regulations that may require us to retain certain records for a minimum statutory period after account closure. Once the relevant retention period has expired, personal data will be securely deleted, anonymized or archived in accordance with our data retention policies.
9. Data Security
We implement technical and organizational measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. These measures may include encryption, access controls, network security protocols, monitoring, regular security assessments and staff training. While we strive to protect your personal data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Your Rights
Subject to applicable law and certain limitations, you may have the following rights in relation to your personal data: (a) Right of access: to obtain confirmation as to whether we process your personal data and receive a copy of such data; (b) Right to rectification: to request correction of inaccurate or incomplete personal data; (c) Right to erasure: to request deletion of your personal data where there is no longer a legal basis for processing it; (d) Right to restriction: to request restriction of processing under certain circumstances; (e) Right to data portability: to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible; (f) Right to object: to object to processing based on legitimate interests or, where applicable, to direct marketing; (g) Right to withdraw consent: where processing is based on consent, to withdraw such consent at any time. To exercise your rights, please contact us using the details provided on the website. We may request additional information to verify your identity before responding to your request.
11. Children and Age Restrictions
The Services are not intended for individuals under the legal age for gambling in their jurisdiction. We do not knowingly collect or process personal data of minors. If we become aware that personal data has been collected from an underage individual, we will take appropriate steps to delete such data and, where applicable, close the associated account. If you believe that we may have collected personal data from a minor, please contact us immediately.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, regulatory guidance, technological developments or our internal practices. The updated version will be published on our website with an updated “last revised” date. We encourage you to review this Privacy Policy periodically to remain informed about how we process your personal data. Your continued use of the Services after any changes become effective will constitute your acknowledgment of the updated Privacy Policy.
13. Contact and Complaints
If you have questions about this Privacy Policy, our data protection practices or wish to exercise your rights, you may contact us using the contact information provided on the website. You also have the right to lodge a complaint with a competent data protection authority in your country of residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes applicable data protection laws.